Vehicle VPNs, Part One: The ‘Connected Car’

The “connected car.” Up until this point, such a phrase never really resonated with people the way it does now. Most would think it referred to environmentally-focused electric cars that you recharge as an alternative to using fossil fuels. But, in reality, the connected car is more like what we’ve seen in science fiction movies for generations. In science fiction, we see all of the glitz and glamor, but little of the technologies that actually go into securing such innovations. Now, we’re getting closer to the point where science fiction becomes science fact, which is precisely why VPNs will become an integral part of vehicle computer systems for the foreseeable future. For several years now, auto manufacturers have been building onboard infotainment systems into their vehicles. The front-seat passenger can enjoy a movie or play a game on a screen embedded in the dashboard, while rear passengers use screens built into the backs of the forward headrests. Infotainment systems are only the first step, however. Rise of the ‘Connected Car’ Back in 2010, Ford introduced the “MyFord Touch,” a mobile Wi-Fi hotspot allowing travelers in Ford vehicles to send and receive emails and surf the Internet. Then, earlier this year, Ford unveiled its OpenXC platform for hardware and software at the North American International Auto Show. OpenXC allows tablet and smartphone apps to access the internal data network of a Ford vehicle, calling up data from various onboard sensors, including information on location and speed. The intention is to make the lives of Ford drivers easier by using this data to do things like automatically open garage doors or...

Developing a Comprehensive Remote Access Security Framework: Identities and Roles

Every enterprise should consider implementing a comprehensive remote access security framework in light of increased workplace mobility and the BYOD trend. In our last post on the topic, we highlighted what makes mobile endpoints, such as smartphones, tablets and laptops, so vulnerable to malicious attacks. One of the most common security risks networks face today is unauthorized network access, not only by unknown devices but also by known users connecting via unsecure networks. A defense in-depth security framework is necessary to prevent network breaches, and clearly defining and managing both device and user identities and roles are critical for enterprises to increase network security. Efficient endpoint management can make up for the vulnerabilities inherent with the use of personal devices for work purposes, but companies need to know where to start. Every authentication, authorization, and accounting (AAA) event depends on the access credentials provided by the endpoint, so it’s important to find solutions that ensure credentials are valid. Establishing and clearly defining identities is a pretty safe bet, as identities or composite identities, which consist of a number of identity elements, represent the basis of any access transaction. In the network communication context, an identity element is an attribute that is organized in specific repositories to verify various aspects of a device or user identity. Common user identity elements are username, password, PIN numbers, certificates, etc., and device identity elements can include IP or MAC addresses, the model of the device, IMEI and more. If a user and device do not have all of the proper identity credentials, access to the network will be denied. This identity verification process...

Adobe Hacked: The Frightening Implications for Network Security

It seems barely more than a few weeks can pass without news of a major global company being targeted by cyber criminals. The latest to find a bullseye on its back is Adobe. The software company — which is responsible for some of the most widely used photo, video and graphic editing software in the world — announced that the private information of some 3 million customers had been pilfered by hackers. Now, while Adobe insists the data was encrypted, who is to say that the perpetrators didn’t swipe the encryption key along with the rest of their spoils? Adobe has advised its customers to pay close attention to their bank and credit card accounts to spot any unauthorized activity, and to change their Adobe passwords, especially if they use the same password for multiple online accounts (something you shouldn’t do anyway!). But there is a more worrisome issue here. Paying customers of Adobe could certainly be at risk for identity theft and financial fraud, however, individuals who have never paid the company a single dollar could also be at risk for a cyber attack. According to the company, the intruders managed to get their hands on the source code for several Adobe products, including the widely used Adobe Acrobat. Free software installed on millions upon millions of computers, from personal laptops to office desktops, could be compromised. That means that you don’t have to be a paying customer to be victimized by this latest instance of cyber crime. Hackers can alter the source code to do all manner of damage to Adobe users. Of course, Adobe has also...

BYOD, Policy Compliance Top Remote Access Concerns at Interop New York 2013

Another Interop New York conference has come and gone, and as usual, there were plenty of thought-provoking discussions. Unsurprisingly, security was a hot topic at this year’s event, with BYOD and policy compliance receiving a lot of attention. For example, Dark Reading’s Tim Wilson believes that as enterprises are looking at technology providers to help their organizations manage BYOD, it is important to have plans and policies in place that look at the big picture of network security. Many Interop vendors and experts agree that enterprises are relying on third-party service providers more than ever before. Businesses are acknowledging the growing prominence of trends including BYOD and the cloud, and are trying to be more flexible in terms of what applications, operating systems and devices they are supporting. The problem is, many organizations simply don’t have the resources or technology to efficiently manage secure remote access to their corporate networks with in-house support only. Especially in small- and medium-sized businesses, where there is often a lack of IT security employees, let alone a department, providing employees with the wide range of remote access options they want is extremely difficult. The lack of resources does not only hinder an organization’s telecommuting flexibility. It can also impact—and be responsible for—inadequate employee education. Unfortunately, unless an enterprise has a rock solid BYOD plan in place, undereducated employees may unknowingly fall out of compliance and leave holes in a network’s security. Cyber criminals are constantly getting more adept in finding security flaws to access corporate networks, allowing them to alter, steal or destroy sensitive information. From that perspective, it’s simple to see why...